package com.mm.base.filter.xss2;

import lombok.extern.slf4j.Slf4j;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @Description 把请求过滤类XssHttpServletRequestWraper添加到Filter中，注入容器
 * @Date 2024/4/11 下午1:54
 * @Author yanglin
 **/
@Slf4j
@Order(9)
@Component
public class XssFilter implements Filter {
    /**
     * 忽略权限检查的url地址
     */
    private final String[] excludeUrls = new String[]{
            "null"
    };

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        // 获取请求你ip后的全部路径
        String uri = req.getRequestURI();
        // 注入xss过滤器实例
        XssHttpServletRequestWrapper reqW = new XssHttpServletRequestWrapper(req);
        // 过滤掉不需要的Xss校验的地址
        for (String str : excludeUrls) {
            if (uri.indexOf(str) >= 0) {
                chain.doFilter(request, response);
                return;
            }
        }
        // 过滤
        chain.doFilter(reqW, response);
    }
}
